Skip to main content

Enterprise PKI Manager

New and enhancements

Private S/MIME Secure Email - New certificate template called Private S/MIME Secure Email bound to a User Seat that allows issuance of Private S/MIME certificates that can be used to sign and encrypt emails issued by your chosen Private CA, which will require to be trusted by the recipient. Profiles can be configured with a new option that will allow the private keys to be escrowed or not:

  • Cloud Key Escrow: where private keys are escrowed in the cloud and can then be recovered manually or via REST API by an authorized administrator with appropriate KEY RECOVERY permission

  • No Escrow: where a CSR is expected as part of the request and keys are not escrowed.

This new template allows issuance of Private S/MIME certificate via the below enrollment/authentication methods:

  • Browser PKCS12 > Manual ApprovalEnrollment Code

  • DigiCert Desktop Client > Manual ApprovalEnrollment CodeSAML IdP

  • REST API > 3rd party appEnrollment Code

DigiCert Desktop Client v3.3.1 - New release of DigiCert Desktop Client (v3.3.1) supporting:

  • Download of MSI package for silent installation of the client

  • Support for macOS Monterey

  • In-built support for the "Gemalto Classic Smart Card" hardware token

  • Fix for macOS package not auto-starting upon installing the client for the first time

Saving Table State - Enhanced the functionality to remember the table Filters, Columns, Sorter and Page size state to browser local storage based on the Administrator logged into the account, for tables included within the these pages:

  • Certificates

  • Enrollments

  • Templates

  • Manage Profiles

  • Business Units

  • Manage Seats (for each seat type)

Profile Wizard Enhancement - Renamed the "Custom and optional fields" profile wizard step to "Certificate options" and added two new sub-sections called "Flow options" and "Renewal options" to better group configuration steps.

Delivery of both PEM and DER encoded certificates - For profiles configured with the CSR enrollment method, the public-facing web page that delivers the certificate will now allow the user to download the X.509 and PKCS#7 certificate in either PEM (Base64) or DER (binary), depending on the delivery format the profile is configured to use:

  • For profiles configured with X.509:

    • Filename: Certificate_X509_DER_<serial-number>.cer

    • Filename: Certificate_X509_PEM_<serial-number>.pem

  • For profiles configured with PKCS#7:

    • Filename: Certificate_PKCS7_DER_<serial-number>.p7b

    • Filename: Certificate_PKCS7_PEM_<serial-number>.p7b (same extension for both, since Windows will be able to open it regardless of the encoding)

Fixes

[DOEPM-2963] Fixed issue with profiles configured with the "REST API" enrollment method where certificate requests were failing when editing/saving a profile with an empty API User Binding.

In deze sectie: